### Key Vulnerability Information

#### Vulnerability Overview

- **CVE IDs**: Multiple CVEs, including CVE-2025-47182, CVE-2025-47191, CVE-2025-47361, etc.
- **Affected Products**: GStreamer and related components.

#### Vulnerability Details

1. **Heap Out-of-Bounds Read in qtdemux_parse_trak**
   - **CVE ID**: CVE-2025-47182
   - **Description**: When processing specific media file formats, there is a heap out-of-bounds read vulnerability, potentially leading to information disclosure or application crashes.

2. **Heap Out-of-Bounds Read in optopus_parse_trak**
   - **CVE ID**: CVE-2025-47191
   - **Description**: Similar to the issue in qtdemux_parse_trak, but found in the optopus parser.

3. **Null Pointer Dereference in tsdemux_parse_pat**
   - **CVE ID**: CVE-2025-47361
   - **Description**: When processing TS streams, if certain fields in the PAT table are not properly initialized, a null pointer dereference may occur, causing a crash.

4. **Stack Buffer Overflow in parse_subrip_time**
   - **CVE ID**: CVE-2025-47382
   - **Description**: While parsing timestamps in SRT subtitle files, there is a stack buffer overflow vulnerability that could be exploited to execute arbitrary code.

#### Impact Scope

- **Affected Versions**: GStreamer 1.22.0 and earlier versions.
- **Mitigation Recommendation**: Upgrade to GStreamer 1.22.1 or later.

#### Reporting Timeline

- **Report Date**: January 12, 2025
- **Public Disclosure Date**: February 12, 2025

#### Reference Links

- [GStreamer Official Announcement](https://gstreamer.freedesktop.org/)
- [CVE Details](https://cve.mitre.org/)
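The fourth item above concerns a stack buffer overflow while parsing SRT timestamps. As an added defensive illustration (not GStreamer's code and not a reconstruction of the parse_subrip_time defect), the parser below reads each digit field of an `HH:MM:SS,mmm` timestamp against an explicit length bound and rejects over-long input rather than truncating or copying it, which is the check that keeps a fixed-size stack buffer from overflowing in this kind of parser. The field widths (1 to 4 hour digits, exactly 2 for minutes and seconds, exactly 3 for milliseconds) are my assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a run of decimal digits at s[*pos] that is at least min_digits and at
 * most max_digits long. A longer run is rejected, never truncated or copied,
 * so no field can grow past the bound the caller declared for it. */
static bool read_digits(const char *s, size_t len, size_t *pos,
                        size_t min_digits, size_t max_digits, unsigned *out)
{
    size_t n = 0;
    unsigned v = 0;
    while (*pos + n < len && isdigit((unsigned char)s[*pos + n])) {
        if (n == max_digits)
            return false;           /* field too long for its bound: reject */
        v = v * 10 + (unsigned)(s[*pos + n] - '0');
        n++;
    }
    if (n < min_digits)
        return false;
    *pos += n;
    *out = v;
    return true;
}

/* Parse an SRT timestamp "HH:MM:SS,mmm" (length-bounded, not NUL-reliant)
 * into milliseconds. Returns false on any malformed or over-long input. */
bool parse_srt_time(const char *s, size_t len, int64_t *ms)
{
    size_t pos = 0;
    unsigned h, m, sec, frac;

    if (s == NULL || !read_digits(s, len, &pos, 1, 4, &h))
        return false;
    if (pos >= len || s[pos++] != ':' || !read_digits(s, len, &pos, 2, 2, &m))
        return false;
    if (pos >= len || s[pos++] != ':' || !read_digits(s, len, &pos, 2, 2, &sec))
        return false;
    if (pos >= len || s[pos++] != ',' || !read_digits(s, len, &pos, 3, 3, &frac))
        return false;
    if (pos != len || m > 59 || sec > 59)   /* trailing junk or out-of-range */
        return false;
    *ms = ((int64_t)h * 3600 + m * 60 + sec) * 1000 + frac;
    return true;
}

/* Convenience wrapper for NUL-terminated input: milliseconds, or -1 on reject. */
int64_t srt_time_ms(const char *s)
{
    int64_t ms;
    return parse_srt_time(s, strlen(s), &ms) ? ms : -1;
}
```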